<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <title>Velocitime Minutes 4</title>
                                         
  <meta http-equiv="content-type"
 content="text/html; charset=ISO-8859-1">
                       
  <meta name="author" content="robert">
</head>
  <body>
           
<h1>Velocityme Minutes 10</h1>
           
<table cellpadding="2" cellspacing="0" border="1" width="100%">
        <tbody>
          <tr>
            <th valign="top" bgcolor="#cccccc">Date<br>
            </th>
            <th valign="top" bgcolor="#cccccc">Venue<br>
            </th>
            <th valign="top" bgcolor="#cccccc">Present<br>
            </th>
            <th valign="top" bgcolor="#cccccc">Apologies<br>
            </th>
          </tr>
          <tr>
            <td valign="top">2002-10-29<br>
     20h00-22h22<br>
            </td>
            <td valign="top">13 Pearson Road<br>
Tableview<br>
            </td>
            <td valign="top">Robert Crida (RC)<br>
 Wayne Paverd (WP)<br>
      Barry Radloff (BR)<br>
            </td>
            <td valign="top">David Spencer (DS)<br>
            </td>
          </tr>
                       
  </tbody>      
</table>
      <br>
           
<table width="100%" border="0" cellspacing="0" cellpadding="2">
        <tbody>
          <tr>
            <th valign="top" bgcolor="#cccccc">Topic<br>
            </th>
            <th valign="top" bgcolor="#cccccc">Responsible Person<br>
            </th>
            <th valign="top" bgcolor="#cccccc">Due Date<br>
            </th>
          </tr>
                                  <tr>
            <td valign="top"><b>1. Minutes from meeting 9</b><br>
            </td>
            <td valign="top"><br>
            </td>
            <td valign="top"><br>
            </td>
          </tr>
               <tr>
            <td valign="top">1.1 BR to write minutes for meeting 9<br>
            </td>
            <td valign="top">BR<br>
            </td>
            <td valign="top">2002-11-05<br>
            </td>
          </tr>
                        <tr>
            <td valign="top"><b>2. Discuss WP's comments about the project</b><br>
            </td>
            <td valign="top"><br>
            </td>
            <td valign="top"><br>
            </td>
          </tr>
          <tr>
            <td valign="top">2.1 WP could not find his original list of comments<br>
            </td>
            <td valign="top"><br>
            </td>
            <td valign="top"><br>
            </td>
          </tr>
          <tr>
            <td valign="top">2.2 WP wished to raise a flag about the different
levels of security, the approach appeared limited.<br>
            </td>
            <td valign="top"><br>
            </td>
            <td valign="top"><br>
            </td>
          </tr>
          <tr>
      <td valign="top">2.3 WP felt his previous concerns had be resolved
by the meeting 8 discussions<br>
      </td>
      <td valign="top"><br>
      </td>
      <td valign="top"><br>
      </td>
    </tr>
    <tr>
            <td valign="top"><b>3. Discussion of naked objects</b><br>
            </td>
            <td valign="top"><br>
            </td>
            <td valign="top"><br>
            </td>
          </tr>
     <tr>
       <td valign="top">3.1 RC has not yet had time to look at the naked
object videos<br>
       </td>
       <td valign="top">RC<br>
       </td>
       <td valign="top">2002-11-02<br>
       </td>
     </tr>
     <tr>
       <td valign="top">3.2 It is proposed that users can work with objects
instead of workflow as in use cases<br>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top">3.3 BR Naked objects apparently define requirements
more clearly than use cases so should be easier to test<br>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top">3.4 WP is not sure that he agrees with 3.3. Feels
that proof of correctness may be easier but use cases more suitable for requirements
fulfillment.<br>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top">3.5 RC to give videos to WP prior to the next meeting<br>
       </td>
       <td valign="top">RC<br>
       </td>
       <td valign="top">2002-11-02<br>
       </td>
     </tr>
     <tr>
       <td valign="top"><b>4. Review of security</b><br>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top">4.1 After much discussion the following principles
were agreed upon by all present. This supercedes all previous security and
permission discussions.<br>
      <ul>
        <li>Roles are always globally defined. There should be a delete option
but it should potentially be reversible (ie simply flag files as no longer
active rather than removing them)</li>
        <li>Users can be assigned to roles at any node of the task tree.</li>
        <li>Users exist globally within the system.</li>
        <li>A role can be defined to be either recursive or not. A user assigned
to a recursive role carries the role for the complete subtree of the node
where the assignment is made. A use assigned to a non-recursive role only
occupies the role in the node where the assignment is made.</li>
        <li>A user may be assigned to multiple roles simultaneously.</li>
        <li>Permissions are set on roles but not on users.</li>
        <li>Permissions are set globally for a role.</li>
        <li>Permissions for a task for a user are the union of the permission
of all roles that the user occupies at that task.<br>
        </li>
      </ul>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top">4.2 The following possible applications of the previous
principles were developed:<br>
      <ul>
        <li>The must be a default user and role which is used to create other
users and roles and set up permissions on the roles.</li>
        <li>WP suggested that a paranoid approach would be to make the system
have a single login until the default user and role had been deleted to prevent
abuse of the system.</li>
        <li>The advantage of creating all roles is it makes it harder for
hackers to access the system as there are no standard users or roles.</li>
        <li>The setup role needs to allocate at least one user to a role
which has permission to create tasks in the root of the task tree.</li>
        <li>Users can only see the part of the tree that they have access
to. From an implementation point of view, one could find a path to the root
from each node where the user is assigned to roles plus all subtrees from
those nodes (if roles are recursive). This is preferable to traversing the
complete tree.<br>
        </li>
      </ul>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
     <tr>
       <td valign="top"><b>5. Continuing use case descriptions</b><br>
       </td>
       <td valign="top"><br>
       </td>
       <td valign="top"><br>
       </td>
     </tr>
    <tr>
      <td valign="top">5.1 There was insufficient time for this, continue
at next meeting<br>
      </td>
      <td valign="top">RC, WP, BR<br>
      </td>
      <td valign="top">2002-11-05<br>
      </td>
    </tr>
                                                                        
                                                                        
                 
  </tbody>      
</table>
      <br>
           
<table cellpadding="2" cellspacing="0" border="1" width="100%">
       <tbody>
         <tr>
           <th valign="top" bgcolor="#cccccc">Author<br>
           </th>
           <th valign="top" bgcolor="#cccccc">Date<br>
           </th>
           <th valign="top" bgcolor="#cccccc">Next Meeting<br>
           </th>
           <th valign="top" bgcolor="#cccccc">Venue<br>
           </th>
         </tr>
         <tr>
           <td valign="top">Robert Crida<br>
           </td>
           <td valign="top">2002-10-30<br>
           </td>
           <td valign="top">2002-11-05<br>
           </td>
           <td valign="top">22 Bordeaux<br>
     Tokai Villas<br>
           </td>
         </tr>
                   
  </tbody>     
</table>
     <br>
</body>
</html>
